diff options
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_addr.c')
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_addr.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c index efdf7c3ba7..9087d66e0a 100644 --- a/src/lib/libcrypto/x509v3/v3_addr.c +++ b/src/lib/libcrypto/x509v3/v3_addr.c | |||
| @@ -236,7 +236,7 @@ static int i2r_IPAddressOrRanges(BIO *out, | |||
| 236 | /* | 236 | /* |
| 237 | * i2r handler for an IPAddrBlocks extension. | 237 | * i2r handler for an IPAddrBlocks extension. |
| 238 | */ | 238 | */ |
| 239 | static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, | 239 | static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, |
| 240 | void *ext, | 240 | void *ext, |
| 241 | BIO *out, | 241 | BIO *out, |
| 242 | int indent) | 242 | int indent) |
| @@ -315,8 +315,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a, | |||
| 315 | const int length) | 315 | const int length) |
| 316 | { | 316 | { |
| 317 | unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; | 317 | unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; |
| 318 | int prefixlen_a = 0; | 318 | int prefixlen_a = 0, prefixlen_b = 0; |
| 319 | int prefixlen_b = 0; | ||
| 320 | int r; | 319 | int r; |
| 321 | 320 | ||
| 322 | switch (a->type) { | 321 | switch (a->type) { |
| @@ -596,10 +595,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, | |||
| 596 | return NULL; | 595 | return NULL; |
| 597 | switch (afi) { | 596 | switch (afi) { |
| 598 | case IANA_AFI_IPV4: | 597 | case IANA_AFI_IPV4: |
| 599 | (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); | 598 | sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); |
| 600 | break; | 599 | break; |
| 601 | case IANA_AFI_IPV6: | 600 | case IANA_AFI_IPV6: |
| 602 | (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); | 601 | sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); |
| 603 | break; | 602 | break; |
| 604 | } | 603 | } |
| 605 | f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; | 604 | f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; |
| @@ -856,7 +855,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, | |||
| 856 | if (!make_addressRange(&merged, a_min, b_max, length)) | 855 | if (!make_addressRange(&merged, a_min, b_max, length)) |
| 857 | return 0; | 856 | return 0; |
| 858 | sk_IPAddressOrRange_set(aors, i, merged); | 857 | sk_IPAddressOrRange_set(aors, i, merged); |
| 859 | (void)sk_IPAddressOrRange_delete(aors, i + 1); | 858 | sk_IPAddressOrRange_delete(aors, i + 1); |
| 860 | IPAddressOrRange_free(a); | 859 | IPAddressOrRange_free(a); |
| 861 | IPAddressOrRange_free(b); | 860 | IPAddressOrRange_free(b); |
| 862 | --i; | 861 | --i; |
| @@ -880,7 +879,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) | |||
| 880 | v3_addr_get_afi(f))) | 879 | v3_addr_get_afi(f))) |
| 881 | return 0; | 880 | return 0; |
| 882 | } | 881 | } |
| 883 | (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); | 882 | sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); |
| 884 | sk_IPAddressFamily_sort(addr); | 883 | sk_IPAddressFamily_sort(addr); |
| 885 | OPENSSL_assert(v3_addr_is_canonical(addr)); | 884 | OPENSSL_assert(v3_addr_is_canonical(addr)); |
| 886 | return 1; | 885 | return 1; |
| @@ -889,7 +888,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) | |||
| 889 | /* | 888 | /* |
| 890 | * v2i handler for the IPAddrBlocks extension. | 889 | * v2i handler for the IPAddrBlocks extension. |
| 891 | */ | 890 | */ |
| 892 | static void *v2i_IPAddrBlocks(struct v3_ext_method *method, | 891 | static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, |
| 893 | struct v3_ext_ctx *ctx, | 892 | struct v3_ext_ctx *ctx, |
| 894 | STACK_OF(CONF_VALUE) *values) | 893 | STACK_OF(CONF_VALUE) *values) |
| 895 | { | 894 | { |
| @@ -1125,7 +1124,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) | |||
| 1125 | return 1; | 1124 | return 1; |
| 1126 | if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) | 1125 | if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) |
| 1127 | return 0; | 1126 | return 0; |
| 1128 | (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); | 1127 | sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); |
| 1129 | for (i = 0; i < sk_IPAddressFamily_num(a); i++) { | 1128 | for (i = 0; i < sk_IPAddressFamily_num(a); i++) { |
| 1130 | IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); | 1129 | IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); |
| 1131 | int j = sk_IPAddressFamily_find(b, fa); | 1130 | int j = sk_IPAddressFamily_find(b, fa); |
| @@ -1167,7 +1166,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1167 | { | 1166 | { |
| 1168 | IPAddrBlocks *child = NULL; | 1167 | IPAddrBlocks *child = NULL; |
| 1169 | int i, j, ret = 1; | 1168 | int i, j, ret = 1; |
| 1170 | X509 *x = NULL; | 1169 | X509 *x; |
| 1171 | 1170 | ||
| 1172 | OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); | 1171 | OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); |
| 1173 | OPENSSL_assert(ctx != NULL || ext != NULL); | 1172 | OPENSSL_assert(ctx != NULL || ext != NULL); |
| @@ -1180,6 +1179,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1180 | */ | 1179 | */ |
| 1181 | if (ext != NULL) { | 1180 | if (ext != NULL) { |
| 1182 | i = -1; | 1181 | i = -1; |
| 1182 | x = NULL; | ||
| 1183 | } else { | 1183 | } else { |
| 1184 | i = 0; | 1184 | i = 0; |
| 1185 | x = sk_X509_value(chain, i); | 1185 | x = sk_X509_value(chain, i); |
| @@ -1189,7 +1189,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1189 | } | 1189 | } |
| 1190 | if (!v3_addr_is_canonical(ext)) | 1190 | if (!v3_addr_is_canonical(ext)) |
| 1191 | validation_err(X509_V_ERR_INVALID_EXTENSION); | 1191 | validation_err(X509_V_ERR_INVALID_EXTENSION); |
| 1192 | (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); | 1192 | sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); |
| 1193 | if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { | 1193 | if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { |
| 1194 | X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); | 1194 | X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); |
| 1195 | ret = 0; | 1195 | ret = 0; |
| @@ -1215,7 +1215,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1215 | } | 1215 | } |
| 1216 | continue; | 1216 | continue; |
| 1217 | } | 1217 | } |
| 1218 | (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); | 1218 | sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); |
| 1219 | for (j = 0; j < sk_IPAddressFamily_num(child); j++) { | 1219 | for (j = 0; j < sk_IPAddressFamily_num(child); j++) { |
| 1220 | IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); | 1220 | IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); |
| 1221 | int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); | 1221 | int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); |
| @@ -1242,6 +1242,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1242 | /* | 1242 | /* |
| 1243 | * Trust anchor can't inherit. | 1243 | * Trust anchor can't inherit. |
| 1244 | */ | 1244 | */ |
| 1245 | OPENSSL_assert(x != NULL); | ||
| 1245 | if (x->rfc3779_addr != NULL) { | 1246 | if (x->rfc3779_addr != NULL) { |
| 1246 | for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { | 1247 | for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { |
| 1247 | IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j); | 1248 | IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j); |